Comment 1 for bug 305901

C99 (at least the draft that’s available online) actually defines this code as invalid.

  #include <stdio.h>
  int sprintf(char * restrict s, const char * restrict format, ...);
“The sprintf function is equivalent to fprintf, except that the output is written into an array (specified by the argument s) rather than to a stream. A null character is written at the end of the characters written; it is not counted as part of the returned value. If copying takes place between objects that overlap, the behavior is undefined.”

So I guess the real answer is to fix the affected source. It might be nice to know if any software in Ubuntu is affected.